Enhanced File Transfer (EFT) - FIPS Validation
Why is FIPS Validation Important?
Most government agencies such as the Department of Defense require FIPS validation
for the commercial systems they purchase to protect the integrity of data traffic
traveling across their networks. Similarly, companies in the public sector such
as healthcare, financial and manufacturing are under pressure to ensure that customer
and patient information is secure when traveling across networks. To meet that need,
many companies in these markets are implementing the same FIPS standard mandated
by the U.S. government.
What is FIPS 140-2 Validation?
The Federal Information Processing Standard (FIPS) Publication 140-2 specifies the
security requirements of cryptographic modules used to protect sensitive information.
The Cryptographic Module Validation Program (CMVP) is the accreditation program
that validates cryptographic modules to this standard. The CMVP is a joint effort
between the National Institute of Standards and Technology (NIST) and the Communications
Security Establishment (CSE) of the Government of Canada. Cryptographic Modules
validated through the program are subjected to rigorous testing by independent,
accredited Cryptographic Module Testing (CMT) laboratories.
EFT HSM with FIPS 140-2 Validation
With the High Security Module (HSM), customers can deploy Globalscape's EFT platform
knowing the embedded Cryptographic Module has met the highest possible security
standards. This ensures that your file transfers are protected by best-in-class
HSM comes with a built-in FIPS 140-2 Validated cryptographic library
to provide secure transfer of information. This enhanced version of EFT uses
the validated cryptographic library to ensure that it operates using only FIPS-approved
algorithms for encryption of transferred data when using FTP over SSL (FTPS), HTTP
over SSL (HTTPS), and SFTP (SSH2).
When EFT is started, a series of startup tests, including Known Answer Tests
(KAT) and library-integrity checks, determine whether the HSM is initialized successfully.
If the HSM is not initialized successfully, encryption services are disabled and
the transfer of sensitive data is prevented.
For more details refer to the Globalscape Validation Certificate # 908 and the Cryptographic
Module Validation Program website.